International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] Efficient Identity-Based Encryption over NTRU Lattices, by Léo Ducas and Vadim Lyubashevsky and Thomas Prest

  Efficient implementations of lattice-based cryptographic schemes have been limited to only the most basic primitives like encryption and digital signatures. The main reason for this limitation is that at the core of many advanced lattice primitives is a trapdoor sampling algorithm(Gentry, Peikert, Vaikuntanathan, STOC 2008) that produced outputs that were too long for practical applications.

In this work, we show that using a particular distribution over NTRU lattices can make GPV-based schemes suitable for practice. More concretely, we present the first lattice-based IBE scheme with practical parameters - key and ciphertext sizes are between two and four kilobytes, and all encryption and decryption operations take approximately one millisecond on a moderately-powered laptop.

As a by-product, we also obtain digital signature schemes which are shorter than the previously most-compact ones of Ducas, Durmus, Lepoint, and Lyubashevsky from Crypto 2013.

06:17 [Pub][ePrint] SPHINCS: practical stateless hash-based signatures, by Daniel J. Bernstein and Daira Hopwood and Andreas Hülsing and Tanja Lange and Ruben Niederhagen and Louiza Papachristodoulou and Peter Schwabe a

  This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41~KB, public keys are 1~KB, and private keys are 1~KB. The signature scheme is designed to provide long-term $2^{128}$ security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes.

06:17 [Pub][ePrint] Distributed Cryptography Based on the Proofs of Work, by Marcin Andrychowicz and Stefan Dziembowski

  Motivated by the recent success of Bitcoin we study the question of constructing distributed cryptographic protocols in a fully peer-to-peer scenario (without any trusted setup) under the assumption that the adversary has limited computing power. We propose a formal model for this scenario and then we construct the following protocols working in it:

(i) a broadcast protocol secure under the assumption that the honest parties have computing power that is some non-negligible fraction of computing power of the adversary (this fraction can be small, in particular it can be much less than 1/2),

(ii) a protocol for identifying a set of parties such that the majority of them is honest, and every honest party belongs to this set (this protocol works under the assumption that the majority of computing power is controlled by the honest parties).

Our broadcast protocol can be used to generate an unpredictable beacon (that can later serve, e.g., as a genesis block for a new cryptocurrency). The protocol from Point (ii) can be used to construct arbitrary multiparty computation protocols. Our main tool for checking the computing power of the parties are the Proofs of Work (Dwork and Naor, CRYPTO 92). Our broadcast protocol is built on top of the classical protocol of Dolev and Strong (SIAM J. on Comp. 1983). Although our motivation is mostly theoretic, we believe that our ideas can lead to practical implementations (probably after some optimizations and simplifications). We discuss some possible applications of our protocols at the end of the paper.

06:17 [Pub][ePrint] Tightly-Secure Authenticated Key Exchange, by Christoph Bader and Dennis Hofheinz and Tibor Jager and Eike Kiltz and Yong Li

  We construct the first Authenticated Key Exchange (AKE) protocol whose security does not degrade with an increasing number of users or sessions. We describe a three-message protocol and prove security in an enhanced version of the classical Bellare-Rogaway security model.

Our construction is modular, and can be instantiated efficiently from standard assumptions (such as the SXDH or DLIN assumptions in pairing-friendly groups). For instance, we provide an SXDH-based protocol whose communication complexity is only 14 group elements and 4 exponents (plus some bookkeeping information).

Along the way we develop new, stronger security definitions for digital signatures and key encapsulation mechanisms. For instance, we introduce a security model for digital signatures that provides existential unforgeability under chosen-message attacks in a multi-user setting with adaptive corruptions of secret keys. We show how to construct efficient schemes that satisfy the new definitions with tight security proofs under standard assumptions.

06:17 [Pub][ePrint] Multi-Identity and Multi-Key Leveled FHE from Learning with Errors, by Michael Clear and Ciar\\\'{a}n McGoldrick

  Gentry, Sahai and Waters recently presented the first (leveled) identity-based fully homomorphic (IBFHE) encryption scheme (CRYPTO 2013). Their scheme however only works in the single-identity setting; that is, homomorphic evaluation can only be performed on ciphertexts created with the same identity. In this work, we extend their results to the multi-identity setting and obtain a multi-identity IBFHE scheme that is selectively secure in the random oracle model under the hardness of Learning with Errors (LWE). We also obtain a multi-key fully-homomorphic encryption (FHE) scheme that is secure under LWE in the standard model. This is the first multi-key FHE based on a well-established assumption such as standard LWE. The multi-key FHE of L\\\'{o}pez-Alt, Tromer and Vaikuntanathan (STOC 2012) relied on a non-standard assumption, referred to as the Decisional Small Polynomial Ratio assumption.

06:17 [Pub][ePrint] Verifiable Random Functions from Weaker Assumptions, by Tibor Jager

  Constructing a verifiable random function (VRF) with large input space and full adaptive security from a static complexity assumption, like decisional Diffie-Hellman for instance, has proven to be a challenging task. To date it is not even clear that such a VRF exists. Most known constructions either allow only a small input space of polynomially-bounded size, or do not achieve full adaptive security under a static complexity assumption.

The only known constructions without these restrictions are based on non-static, so-called \"q-type\" assumptions, which are parametrized by an integer q. Since q-type assumptions get stronger with larger q, it is desirable to have q as small as possible. In current constructions q is a polynomial (Hohenberger and Waters, Eurocrypt 2010) or at least linear (Boneh et al., CCS 2010) in the security parameter.

We construct a relatively simple and efficient verifiable random function, based on a q-type assumption where q is only logarithmic in the security parameter. We also describe a verifiable unpredictable function from a similar, but weaker assumption. Both constructions have full adaptive security and large input spaces.

06:17 [Pub][ePrint] Efficient Pairings and ECC for Embedded Systems, by Thomas Unterluggauer and Erich Wenger

  The research on pairing-based cryptography brought forth a wide range of protocols interesting for future embedded applications. One significant obstacle for the widespread deployment of pairing-based cryptography are its tremendous hardware and software requirements. In this paper we present three side-channel protected hardware/software designs for pairing-based cryptography yet small and practically fast: our plain ARM Cortex-M0+-based design computes a pairing in less than one second. The utilization of a multiply-accumulate instruction-set extension or a light-weight drop-in hardware accelerator that is placed between CPU and data memory improves runtime up to six times. With a 10.1 kGE large drop-in module and a 49 kGE large platform, our design is one of the smallest pairing designs available. Its very practical runtime of 162 ms for one pairing on a 254-bit BN curve and its reusability for other elliptic-curve based crypto systems offer a great solution for every microprocessor-based embedded application.

09:44 [Job][New] Associate professor (lecturer) in Computer Security., University of Birmingham, UK

  This is a permanent research and teaching position in one of UK\'s top research-led universities. The Security and Privacy group undertakes research in all fields related to information and cyber security,

privacy, cryptography, etc.

23:53 [Event][New] DAC: Design Automation Conference - Hardware Software Security Track

  Submission: 21 November 2014
Notification: 17 February 2015
From June 7 to June 11
Location: San Francisco , USA
More Information:

23:53 [Event][New] COSADE 2015: 6th Int. Workshop on Constructive Side-Channel Analysis and Secure Design

  Submission: 8 December 2014
Notification: 4 February 2015
From April 13 to April 14
Location: Berlin, Germany
More Information:

09:23 [Event][New] 5th Bar-Ilan Winter School on Cryptography: Advances in Practical MPC

  From February 15 to February 19
Location: Tel Aviv, Israel
More Information: